1 files changed, 50 insertions, 0 deletions

diff --git a/install/restart_scripts/restart_pkicad b/install/restart_scripts/restart_pkicad
new file mode 100644
index 000000000..070760b16
--- /dev/null
+++ b/install/restart_scripts/restart_pkicad
@@ -0,0 +1,50 @@
+#!/usr/bin/python -E
+#
+# Authors:
+#   Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2012  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+import syslog
+from ipapython import services as ipaservices
+from ipaserver.install import certs
+from ipalib import api
+
+nickname = sys.argv[1]
+
+api.bootstrap(context='restart')
+api.finalize()
+
+syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted pki-cad, nickname '%s'" % nickname)
+
+# Fix permissions on the audit cert if we're updating it
+if nickname == 'auditSigningCert cert-pki-ca':
+    db = certs.CertDB(api.env.realm, nssdir='/var/lib/pki-ca/alias')
+    args = ['-M',
+            '-n', nickname,
+            '-t', 'u,u,Pu',
+           ]
+    db.run_certutil(args)
+
+try:
+    # I've seen times where systemd restart does not actually restart
+    # the process. A full stop/start is required. This works around that
+    ipaservices.knownservices.pki_cad.stop('pki-ca')
+    ipaservices.knownservices.pki_cad.start('pki-ca')
+except Exception, e:
+    syslog.syslog(syslog.LOG_ERR, "Cannot restart pki-cad: %s" % str(e))